Description

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.

Remediation

References

CVE-2024-48900

Related Vulnerabilities

Apache HTTP Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-41773)

WordPress Plugin YITH WooCommerce Added to Cart Popup Security Bypass (1.3.11)

TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-59013)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1319)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5269)

Severity

Medium

Classification

CVE-2024-48900 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities